Browse Source

redis: use /run instead or /var/run

pull/124/head
Jérémy Lecour 8 months ago
committed by Jérémy Lecour
parent
commit
3709808fdc
  1. 1
      CHANGELOG.md
  2. 4
      redis/defaults/main.yml
  3. 17
      redis/tasks/instance-server.yml
  4. 35
      redis/templates/redis-server@buster.service.j2
  5. 2
      redis/templates/redis-server@stretch.service.j2

1
CHANGELOG.md

@ -27,6 +27,7 @@ The **patch** part changes incrementally at each release.
* evoacme: upstream release 21.01
* minifirewall: change some defaults
* nagios-nrpe: update check_phpfpm_status.pl & install perl dependencies
* redis: use /run instead or /var/run
### Fixed

4
redis/defaults/main.yml

@ -9,10 +9,10 @@ redis_port: 6379
redis_bind_interface: 127.0.0.1
redis_socket_enabled: True
redis_socket_dir_prefix: '/var/run/redis'
redis_socket_dir_prefix: '/run/redis'
redis_socket_perms: 770
redis_pid_dir_prefix: "/var/run/redis"
redis_pid_dir_prefix: "/run/redis"
redis_timeout: 300

17
redis/tasks/instance-server.yml

@ -110,7 +110,7 @@
tags:
- redis
- name: Systemd template for redis instances is installed (Debian 9 or later)
- name: Systemd template for redis instances is installed (Debian 9)
template:
src: 'redis-server@stretch.service.j2'
dest: '/etc/systemd/system/redis-server@.service'
@ -119,7 +119,20 @@
group: "root"
when:
- ansible_distribution == "Debian"
- ansible_distribution_major_version is version('9', '>=')
- ansible_distribution_major_version is version('9', '=')
tags:
- redis
- name: Systemd template for redis instances is installed (Debian 10 or later)
template:
src: 'redis-server@buster.service.j2'
dest: '/etc/systemd/system/redis-server@.service'
mode: "0644"
owner: "root"
group: "root"
when:
- ansible_distribution == "Debian"
- ansible_distribution_major_version is version('10', '>=')
tags:
- redis

35
redis/templates/redis-server@buster.service.j2

@ -0,0 +1,35 @@
[Unit]
Description=Advanced key-value store
After=network.target
[Service]
Type=forking
ExecStart=/usr/bin/redis-server {{ redis_conf_dir_prefix }}-%i/redis.conf
PIDFile=/run/redis-%i/redis-server.pid
TimeoutStopSec=0
Restart=always
User=redis-%i
Group=redis-%i
RuntimeDirectory=redis-%i
ExecStop=/bin/kill -s TERM $MAINPID
UMask=007
PrivateTmp=yes
LimitNOFILE=65535
PrivateDevices=yes
ProtectHome={{ redis_data_dir_prefix is match('/home') | ternary('no', 'yes') }}
ReadOnlyDirectories=/
ReadWriteDirectories=-{{ redis_data_dir_prefix }}-%i
ReadWriteDirectories=-{{ redis_log_dir_prefix }}-%i
ReadWriteDirectories=-{{ redis_pid_dir_prefix }}-%i
ReadWriteDirectories=-{{ redis_socket_dir_prefix }}-%i
CapabilityBoundingSet=~CAP_SYS_PTRACE
# redis-server writes its own config file when in cluster mode so we allow
# writing there (NB. ProtectSystem=true over ProtectSystem=full)
ProtectSystem=true
ReadWriteDirectories=-{{ redis_conf_dir_prefix }}-%i
[Install]
WantedBy=multi-user.target

2
redis/templates/redis-server@stretch.service.j2

@ -5,7 +5,7 @@ After=network.target
[Service]
Type=forking
ExecStart=/usr/bin/redis-server {{ redis_conf_dir_prefix }}-%i/redis.conf
PIDFile=/var/run/redis-%i/redis-server.pid
PIDFile=/run/redis-%i/redis-server.pid
TimeoutStopSec=0
Restart=always
User=redis-%i

Loading…
Cancel
Save